mercurialgrabber | 3041d2d0a12a0132944a2b1095dd464dcf66155c2937c232a2e08ab49af53fd7 | Triage

Submit
Reports

Overview

overview

Static

static

phasmophobia.exe

windows10-1703-x64

Sharing

General

Target

phasmophobia.exe
Size

41KB
Sample

240406-sxga8aea38
MD5

13ae295c93eaa000b59487b965371a22
SHA1

7b8d0ffbc829308c7a00983eec9a58518f88ab0f
SHA256

3041d2d0a12a0132944a2b1095dd464dcf66155c2937c232a2e08ab49af53fd7
SHA512

879ed0b42b53c94f0e924d544748ed346c0673731d5ce5a7a385605a916112f0e094036cfec28d3213e62591838469bcdc75450f0824fcaab484be6204667c29
SSDEEP

768:4scaIiIqfT6aGpDXswguZkeqWTj8iKZKfgm3EhEB:fc1ofnGEeqWTAiF7EGB

Score

10^/10

mercurialgrabber evasion stealer

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

phasmophobia.exe

Resource

win10-20240404-en

mercurialgrabber evasion stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1226190742091862016/FevJ3EY4nZ8U17E0aVVzH2pP-KRB_T9LcZ5HPJ-cza7zSyGVola9JNKI1ocBWhpHwxy8

Targets

- Target
  
  phasmophobia.exe
- Size
  
  41KB
- MD5
  
  13ae295c93eaa000b59487b965371a22
- SHA1
  
  7b8d0ffbc829308c7a00983eec9a58518f88ab0f
- SHA256
  
  3041d2d0a12a0132944a2b1095dd464dcf66155c2937c232a2e08ab49af53fd7
- SHA512
  
  879ed0b42b53c94f0e924d544748ed346c0673731d5ce5a7a385605a916112f0e094036cfec28d3213e62591838469bcdc75450f0824fcaab484be6204667c29
- SSDEEP
  
  768:4scaIiIqfT6aGpDXswguZkeqWTj8iKZKfgm3EhEB:fc1ofnGEeqWTAiF7EGB
Score

10^/10

mercurialgrabber evasion stealer
- Mercurial Grabber Stealer
  Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
  stealer mercurialgrabber
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

mercurialgrabber

behavioral1

mercurialgrabberevasionstealer

© 2018-2025

Terms | Privacy